Federal Aviation Administration Security and Hazardous Materials Safety

Transcription

1 Federal Aviation Administration Security and Hazardous Materials Safety Fiscal Year Business Plan

2 The Office of Security and Hazardous Materials Safety is committed to supporting the FAA's vision of continuously improving the safety and efficiency of flight. We continue to work with all of our partners to focus our experience, expertise, and new technology in order to ensure a safer and more secure global airspace. Make Aviation Safer and Smarter The Office of Security and Hazardous Materials Safety is committed to furthering the strategic goal of making aviation safer and smarter through its work on hazardous materials safety, personnel security, facility security, as well as partnering with other Federal agencies on national security matters that have a direct impact on aviation. Strategic Measure: Risk-Based Decision Making Build on safety management principles to proactively address emerging safety risk by using consistent, datainformed approaches to make smarter, system-level, riskbased decisions. Strategic Initiative: Decision Making Process Enhance decision making process. Strategic Activity: Cross Organizational Safety Enhancements Develop and implement safety risk enhancements to cross-organizational issues. i. Identify current hazards and utilize current policies (8040.4A) and guidance material to assess the associated risk; ii. Modifying A as a result of lessons learned; iii. Process for identifying hazards is being developed by Safety Performance Design Team. ATO, AVS, ARP (ASH and AST Target 1 only) Each LOB shall develop a Line of Business-level Significant Safety Issue (SSI) identification process from previously analyzed data to identify high impact hazards and populate the LOB-level SSI list. (AVS, ATO, ARP, ASH, AST) Due March 31, Strategic Initiative: Safety Oversight Model Evolve the Safety Oversight Model. FY ASH Business Plan January 21, 04:38 PM Strategic Activity: FAA Oversight Model Evolve the FAA Oversight model to leverage industry's use of safety management principles, and exchange safety management lessons learned and best practices.(avs, ASH, ARP, AST, AGC) 90 days after union notification, but no later than June 30,, have the FAA Compliance Philosophy signed by the Administrator. Due June 30, Core Measure: Commercial Air Carrier Fatality Rate Reduce the commercial air carrier fatalities per 100 million persons on board by 24 percent over 9-year period ( ). No more than 6.2 in FY Target: 6.9 Core Initiative: Hazardous Materials Safety Improve the safety of transporting hazardous materials by air. Core Activity: Hazardous Materials Safety Regulations ASH will enforce the hazardous materials regulations issued by the Department of Transportation's (DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA) and implement strategic safety initiatives to strengthen those regulations. ADG will continue to implement strategic safety initiatives for the transport of hazardous materials in aviation by initiating studies, rulemakings and other documentation, and in partnership with PHMSA, other lines of business, and other government agencies as required, assist with rulemaking. Support rulemaking and other initiatives related to transport of hazardous materials by air, in partnership with PHMSA, other FAA lines of business, and other government agencies as required. Support activities include, but are not limited to, conducting studies, performing research, collecting data, providing technical expertise on the transport of hazardous materials by air, and assisting with other rulemaking activities. Due 01/21/ Page 1 of 28 FY ASH Business Plan

3 Core Measure: IT Risk Management and Information Systems Security Address 80% of high value risks within 30 days. Establish oversight by the Cybersecurity Steering Committee to assure consistent risk acceptance decisions. Visualize vulnerabilities on all IP based systems. Core Initiative: Reduce Risk to Agency Internet Protocol (IP) Based Systems Progressively improve the agency risk posture by implementing vulnerability management processes. Core Activity: Vulnerability Management Processes Implement vulnerability management processes to address 80% of the high value threats and vulnerabilities exploited by attacks within 30 days. Assist AIT in the development of a draft process to fuse cyber incidents with threat information identifying high risks to address (accept, reject, mitigate, share, or transfer). Due October 31, 2014 Core Activity: Department of Homeland Security (DHS) Phase One Continuous Diagnostics and Mitigation (CDM) Begin implementation of the DHS Phase One CDM capabilities within the FAA to provide near real-time information about the agency's hardware, software, and vulnerabilities. Assist AIT in the completion of a consolidated inventory with recommendations for the data visualization dashboard to AIS-1 and the Cybersecurity Steering Committee Due March 31, Core Activity: Security and Privacy Response Service The Security and Privacy Response Service provides continuous monitoring of events and an immediate response to incidents and breaches. The incident response process initiates and coordinates appropriate responses and includes ownership of the incident management process and management of communication both internally and externally as required for incidents. The Office of Information Security and Privacy will enhance the Cyber Incident Response process for the FAA. Participate in the planning and conducting of an incident response exercise to validate FAA's Cyber Incident Response Process and include defined and documented criteria for escalating the incident status. This exercise should include at a minimum AIT, the NAS Cyber Operations (NCO) and Security and Hazardous Materials Safety (ASH). Report findings to AIS-1 and the Cybersecurity Steering Committee with recommended updates to FAA's security processes. Due June 30, Core Activity: Security Compliance Service The Security Compliance Service monitors compliance with applicable requirements, tracks response through remediation, and communicates this information to the system owners. The service supports internal audits and external audit initiatives and reporting. Assist in the analysis of FAA's FISMA reportable inventory systems for accuracy of identified impact levels. Complete analysis for 1/3 FAA's FISMA reportable inventory. Due Core Activity: Security and Privacy Liaison Service The Security and Privacy Liaison Service provides relationship management between consumers and the Information Security and Privacy group. In addition, coordinates policies, awareness training, as well as situational awareness communications. Assist in the completion and submission of a draft update to FAA Order a Information Security Policy in coordination with internal AIT organizations as well as external LOBs/SO. Due Complete and submit to AIS-1 a draft update to the b Privacy Policy in coordination with internal AIT organizations as well as external LOBs/SOs to AIS-1. Due Assist in the development of a draft updated FAA Cyber Security Strategy Due Core Measure: Safe Transport of Hazardous Materials 01/21/ Page 2 of 28 FY ASH Business Plan

4 Ensure that hazmat priorities are current and relevant. Core Initiative: Safe Transport of Hazardous Materials The Office of Hazardous Materials Safety (ADG) provides regulatory oversight of hazardous materials transported in cargo and passenger operations and supports the FAA's goal to continuously improve the safety and efficiency of flight. ADG manages the planning, development, implementation, and operational policy for implementation strategies of hazardous materials regulations within the domestic United States and the coordination of these activities in each of the regional offices. In addition, ADG manages FAA's hazardous materials rulemaking efforts, represents the FAA on international efforts to coordinate oversight of hazardous materials regulations, coordinates national and international outreach, and chairs the Transportation Research Board's Committee on Transportation of Hazardous Materials. ADG has two divisions: the Compliance and Enforcement Division (ADG-100) and the International and Domestic Standards Division (ADG-200). Core Activity: National Inspection and Investigations Methodologies ADG will issue the contents of the National Inspection and Investigation Manual (NI2M) as an FAA Order. Complete updates and review of the National Inspection and Investigations Manual (NI2M) and issue the contents as an FAA Order, to ensure consistency in conducting inspections and investigations. Due Core Activity: National and International Outreach Program ADG will conduct national and international outreach in order to increase awareness of the dangers of hazardous materials transported on domestic and international passenger and cargo aircraft. Provide outreach to educate the public, industry, air carriers, and aviation industry associations on the safe transportation of hazardous materials by air (dependent on resources) by producing relevant outreach materials, updating FAA's public website, and presenting hazardous materials safety information to national or international audiences. Due Monitor regional compliance with the goal of responding to 80% of actionable airline passenger hazmat discrepancy reports through automated outreach on a quarterly basis, which, through a letter, each identified passenger is informed and educated about the hazardous materials discovered in their respective checked baggage. Due Core Activity: Hazardous Materials Safety Oversight Priorities ADG will establish hazardous materials safety oversight priorities through the National Workplan. Develop an ASH Hazardous Materials Safety Program National Workplan that sets hazardous materials safety oversight priorities for the new fiscal year and monitor performance of the current year ASH Hazardous Materials Safety Program National Workplan on a quarterly basis. Due Develop an Advisory Circular on air carrier manuals as they relate to hazardous materials. Due Core Activity: Implement the FAA Safety Management System (SMS) ADG will lead the ASH Hazardous Materials Safety Program's integration into FAA's air carrier Safety Management System to ensure that HMR oversight of Parts 121 air carriers is consistent with FAA and ICAO obligations through coordination with Joint Office Division Managers and relevant FAA offices. Continue implementation of the plan for the integration of Parts 121 air carriers' hazardous materials safety oversight operations into ATOS and SAS, contingent on funding. Due September 30, Core Activity: Improve Safety in the NAS Through Interagency and Intra-agency Partnerships and Cooperative Research Participate in inter- and intra-agency collaborations on air transportation of hazardous materials to enhance the efficiency and effectiveness of inspections, outreach, and enforcement activities. Lead or participate in inter- and intra-agency collaborations, such as those with PHMSA, other DOT modal administrations, and the AIR Commercial Aviation Safety Team (CAST), the National Transportation Safety Board (NTSB), the 01/21/ Page 3 of 28 FY ASH Business Plan

5 Transportation Security Administration (TSA), the FAA Aviation Rulemaking Committee (ARC), and the Transportation Research Board (TRB), to provide hazardous materials transportation expertise to enhance safe transportation of hazardous materials. Due Core Activity: Hazardous Materials Safety Program Policies, Procedures and Guidance ADG will provide national hazardous materials safety policies, procedures, and guidance for use by the FAA Hazardous Materials Safety Program. Present a final draft for ASH-1 review of the 1984 FAA Order A, Transportation of Hazardous Materials. Due Core Activity: Safety Outreach on the Risks of Lithium Batteries in Air Cargo Develop a comprehensive communications strategy to conduct safety outreach on the risks of lithium batteries in air cargo. Continue to update the Passenger & Batteries chart on the ASH public-facing website. Due Continue to update safety promotion materials aimed at the flying public, airline personnel, repair stations, and other regulated entities. Due June 30, Core Initiative: Support International Committees and Panels on Hazardous Materials Support for International Committees and Panels on hazardous materials. Core Activity: International Committees and Panels ASH will represent the FAA by serving as the U.S. Panel Member for the International Civil Aviation Organization (ICAO) Dangerous Goods Panel and as aviation advisor to the United Nations (UN) Subcommittee on the Transportation of Dangerous Goods. Participate in two UN subcommittee meetings on the transportation of dangerous goods, review documentation such as working papers from the U.S. and other countries and information papers, and develop U.S. position summary in coordination with PHMSA. Due September 30, Participate in two ICAO dangerous goods panels and as needed, develop, submit, and review documentation such as working papers from the U.S. and other countries and information papers, and develop U.S. position summary in coordination with PHMSA. Due September 30, Core Activity: Hazardous Materials Safety Program Communication, Coordination, and Collaboration Initiate efforts to increase communication, coordination, and collaboration to advance a Safety Management Systems (SMS) culture and risk-based decision making (RBDM), to disseminate information, to respond to questions, and to foster understanding and consistency. Conduct three All-Hands briefings or meetings with Hazardous Materials Safety Program personnel. Due Conduct monthly meetings with Hazardous Materials Safety Program Division Managers. Due Conduct an annual meeting with Hazardous Materials Safety Program Division Managers and Front Line Managers. Due Core Measure: Facility Security Description: Improve the Facility Security Assessment/Inspection methodology to reduce the number of "Other Findings" by 5%. Core Initiative: Facility Security The ASH Facility Security Division (AIN-100) supervises nation-wide security program areas and provides program policy guidance, oversight and evaluations, and establishes activity targets. It provides operational Servicing Security Element (SSE) services to FAA Headquarters level customers and represents ASH and the FAA in various intradepartmental and inter-agency policy forums. 01/21/ Page 4 of 28 FY ASH Business Plan

6 Core Activity: Facility Security Management Program AIN will analyze FAA facilities for security vulnerabilities that impact people, assets, or missions. AIN will identify protective measures as security findings and will collaborate with ATO/AJW during the design and implementation of such measures. AIN will collect security incident data for reporting and presentation to FAA Stakeholders on trends, and design protective measures to inhibit or stop repeat occurrences. Conduct seven facility security assessments, inspections, and/or technical outreach visits at FAA Washington Headquarters-leased office spaces and Headquarters facilities located away from the primary Headquarters facility. Due Prepare a report template that will provide an annual reporting mechanism to ASH-1 of all approved facility exceptions, open findings, and accreditation status of staffed facilities. Due Host one technical informational or instructional presentation for FAA Facility Security Program personnel. Due Publish a listing of FAA Facility Security Level (FSL) 3 TRACONs and ATCTs. Due July 31, Activity Target 5: Install the capability for FAA security guards to validate the employment status and facility access authorization of FAA employees and contractors in real-time through the use of "guard look-up" at 10 Facility Security Level 3 and 4 Facilities. Currently, this capability is only installed at the FAA regional headquarters buildings, the Mike Monroney Aeronautical Center, and the William J. Hughes Technical Center. Due Core Activity: International Visitor Program ASH Headquarters will develop and use an automated system to track international visitors visiting FAA facilities and will process international foreign visit requests. AIN-100 will process international visit requests within ten days of receipt. Due September 30, Core Measure: Information Safeguards, Communications Security (COMSEC) and Industrial Security Provide national program management and oversight of the following programs: Classified National Security Information (CNSI) Program, Sensitive/Controlled Unclassified Information (S/CUI) Program, Communications (COMSEC) Security/Electronic Key Management System /Key Management Infrastructure (EKMS/KMI) Program, and National Industrial Security Program (NISP). Core Initiative: Communications Security (COMSEC) Manages the centralized COMSEC/EKMS account and secure cryptographic keying facility for accounting, generation and distribution of classified [NSA Type 1] cryptographic keying material (EKMS/KMI) and hardware to protect classified information transmitted across the FAA network infrastructure, including secure voice communications, enabling secure data encryption across the FAA classified data and voice network communications infrastructure. Core Activity: Communications Security (COMSEC) Maintain accountability and control over COMSEC materials in accordance with NSA, USAF and FAA policies and operational doctrine. Conducts COMSEC accounting inventory/reviews at each HQ facility that has an appointed COMSEC Responsible Officer. Due September 30, Reviews all COMSEC inspections/security reviews of CRO/Local Elements conducted by Servicing Security Elements/field personnel with 30 days of completion in FSRS. Due Design, test, and evaluate a new risk assessment criteria for the classified national security information and communications security (COMSEC) for use by ASH security specialist while conducting inspections and assessments of FAA staffed facilities. Due 01/21/ Page 5 of 28 FY ASH Business Plan

7 Core Measure: Internal Policy, Standards and Efficiencies Develop and revise policy, standards and educational materials for all Internal Security Program areas to ensure efficiency and compliance with regulatory requirements. Core Initiative: Internal Policy, Standards, and Efficiencies The Internal Security Policy and Standards Program ensures all AIN policies and security awareness programs are developed to ensure compliance with all Departmental, Federal and Legislative requirements. The program also ensures the policies and standards are correctly and uniformly applied through the FAA. This is accomplished through program evaluations, security awareness products and informational briefings to FAA employees and contractors. Core Activity: Internal Security Policy Development and Revision Develop and revise policies and procedures for various FAA programs. Develop an Internal Security Programs trend analysis report for the period of January 1, 2012 through December 31, Due May 31, Develop an updated version of the Security Awareness Virtual Initiative (SAVI). Due August 31, Core Measure: Personnel Security The Personnel Security Division initiates and adjudicates employee and contractor initial background investigations; initiates and adjudicates periodic reinvestigations; issues security clearances for FAA employees; and provides program management and technical oversight for the personnel security program nationwide. Core Initiative: Personnel Security The Personnel Security program develops and/or implements policy, as required, for the FAA's Personnel Security Program (Employees and Contractors). These programs support the agency by initiating and adjudicating all employee and contractor suitability and security requests. AIN is responsible for processing all required reinvestigations and for ensuring national security indoctrination briefings and debriefings to employees approved for security clearances and access to classified information. AIN serves as the adjudicative authority over all agency security clearance denials and revocations. Core Activity: Background Investigations AIN will conduct background investigations on FAA employees and contractors using the electronic Questionnaire for Investigations Processing (eqip). 80% of contractor fingerprints will be adjudicated within 10 days of receipt of the fingerprint results. Due 80% of contractor background investigations will be adjudicated within 30 days of the closing date of the OPM investigation. Due September 30, 80% of employee public trust and national security background investigations will be adjudicated within 30 days of the closing date of the OPM investigation. Due Core Measure: Common Identification Standard (CIS) ASH shall continue to implement the Common Identification Standard as instituted by Homeland Security Presidential Directive (HSPD-12) agency-wide, to include DOT, in accordance with standards developed. ASH shall provide guidance and oversight on the issuance of all FAA Identification cards to include the PIV card, implementing new technologies and Federal policies and standards as they are developed. Core Initiative: Common Identification Standard (CIS) The Common Identification Standard (CIS) Program covers the spectrum of activities to comply with and take maximum advantage of the new federal CIS. Implementing guidance from OMB and technical specifications issued by the National Institute of Standards and Technology (NIST), pursuant to HSPD- 12, requires both the creation of new technical systems and changes in business practice for all elements of the FAA with respect to: (1) employee and contractor identity verification; (2) increased and standardized background investigations criteria; (3) significantly greater emphasis on maintaining the integrity of the initial employee identification and investigation process; (4) development and deployment of a system to utilize advanced "smart card" technology to create and deliver new standardized identification media (cards); (5) provisioning cards to make possible improvements in 01/21/ Page 6 of 28 FY ASH Business Plan

8 protection of personal privacy information, facility security, and cyber security, as well as achieve cost savings through automation of security control processes and efficiency gains. Core Activity: ID Media ASH shall provide guidance and oversight on the issuance of FAA Identification cards to include the PIV card. Reissue approximately 20,000 PIV cards to the employees and contractors who were issued PIV cards in Due Conduct two inspections for the current FAA Credentialing Programs. Aerospace Medicine and ASH due in FY15. Due July 31, Develop 10 additional training videos on the various processes within MyID 9 and the HSPD-12 Portals Page and publish the videos to the PIV Tube website. Due Develop a proof of concept at FAA Headquarters to accept PIV card(s) issued by other agencies (not issued by FAA). The proof of concept will validate if PIV card issued by outside agency is still active (not cancelled or expired), and test it with FAA PIV systems to determine if it can be used to allow the PIV card holder access through the turnstiles in the FAA headquarters lobby. Currently, FAA does not accept PIV cards issued by other agencies. Due Core Measure: Identity Security Management (ISM) The main objective of the Identity Security Management staff is to provide cost effective, secure enabling technology to support the ASH mission. AIN-500 has developed a state of the art web-based platform for hosting all of its data driven applications, effectively capturing, disseminating, and analyzing safety and security data. Program managers, hazmat inspectors, security investigators, facility inspectors, and support personnel are using integrated systems for planning, scheduling, capturing and tracking work programs, investigation results, and safety and security information. Core Initiative: Technology ASH will achieve an average of 90% "Good" or "Excellent" ratings on ASH Application Support Customer Satisfaction Surveys received, and certify to the Administrator that 90 percent or more of web pages comply with FAA web standards, policies, and requirements. Core Activity: Requirements Gathering ASH will determine the requirements and feasibility of systems. Ensure 100% of accepted requirements are documented in the required tracking system. Due Conduct a quarterly review with applications customers. Due Core Activity: ISM-Developing Applications The Identity Security Management Division will support the ASH mission requirements and provide application development services. Ensure that all operational applications have a 99% or higher availability. Due September 30, Ensure all new web applications are developed in the ".net" environment. Due Ensure consolidated lists of requirements for applications are shared with customers quarterly. Due Core Activity: ISM-Host National Applications ASH will provide a secure hosting platform for national systems. Provide system availability report to system owners on a quarterly basis. Due September 30, Core Activity: ISM-Identity Security Management and Privacy ASH will ensure the confidentially, integrity and availability of all identity security systems. Ensure all of ASH Identity Security systems 01/21/ Page 7 of 28 FY ASH Business Plan

9 complete the Certification and Authorization process. Due Ensure ASH systems score an 85% or higher on AIS annual security compliance review. Due Develop and implement an ASH Privacy Program. Due Remediate all PII data found during scan. Due Core Measure: FAA Insider Threat Detection and Mitigation Program (ITDMP) The purpose of the FAA ITDMP is to deter, detect, and mitigate actions by FAA employees and contractors who may represent a threat, either witting or unwitting, to the FAA or national security. These threats include potential espionage, violent acts against the United States Government or the Nation, or unauthorized disclosure of classified and/or unclassified information. Core Initiative: FAA Insider Threat program The purpose of the FAA ITDMP is to deter, detect, and mitigate actions by FAA employees and contractors who may represent a threat, either witting or unwitting, to the FAA or national security. These threats include potential espionage, violent acts against the United States Government or the Nation, or unauthorized disclosure of classified and/or unclassified information. Core Activity: FAA Insider Threat The purpose of the FAA ITDMP is to deter, detect, and mitigate actions by FAA employees and contractors who may represent a threat, either witting or unwitting, to the FAA or national security. These threats include potential espionage, violent acts against the United States Government or the Nation, or unauthorized disclosure of classified and/or unclassified information. Initiate formal coordination of the FAA Insider Threat Program Order with the Lines of Businesses/Staff Offices for publication. Due November 30, 2014 Provide FAA Insider Threat Program Order to AOA-1 for signature. Due Core Measure: Crisis Response and Notification The Washington Operations Center Complex (WOCC) is the hub of the FAA's national network of operations centers. The WOCC collects information, provides decision support, coordinates activities essential to the daily conduct of the FAA, and serves as an action center for concentrated and accelerated agency efforts in times of national emergencies, natural disasters, and major incidents/ accidents. The WOCC concept of operations surrounds the premise of taking steps and implementing procedures and practices that support Process-Based Mission Assurance (PBMA). PBMA is the management model of collective systems, processes, protocols, and procedures that encompasses operational risk management, quality assurance, internal control and the strategic business process requirements to execute operations and make certain that senior leadership and key stakeholders are confident that WOCC missions will be achieved and sustained. Core Initiative: Crisis Response and Notification The WOCC facility operates 24-hours a day and is structured to support all FAA Lines of Business (LOBs) and Staff Offices (SO). The WOCC monitors national and global events that impact the aviation industry, coordinates and disseminates this real time information with government operation centers including the White House, State Department, the Department of Homeland Security, the Department of Defense, and the NTSB. The WOCC possesses flexible operational capability and maintains portable assets in order to provide continuity of operations should events require evacuation of the FAA Headquarters building. Additionally, the WOCC staff supplements the Continuity of Operations (COOP) Team, provides COOP cadre and management notifications, and participates as the FAA point of contact in the Federal government's interagency continuity communications plan. Core Activity: Crisis Response and Notification Requirements The crisis response and notification capabilities consist of the collection of systems and processes that work in synchronization to provide consistency in distributing information and facilitating command and control internal and external to the FAA. Intra- and Inter-Agency Collaboration: Establish and maintain inter-agency networks and 01/21/ Page 8 of 28 FY ASH Business Plan

10 associations after subjective evaluation, with two constructive engagements conducted and documented monthly (for a total of 24 engagements in FY) to leverage the full extent of value having exchanged best practices, lessons-learned, new techniques and processes via intra- and inter-agency collaboration through qualitative, antidotal or empirical improvement. Due Core Activity: Washington Operations Center Complex (WOCC) The Washington Operations Center Complex (WOCC) is a 24/7 facility that collects information, provides decision support, coordinates activities essential to the daily conduct of FAA activities, and serves as an action center for concentrated agency efforts in times of national disasters and major incidents. To enhance the Continuity of Operations Program, the WOCC will engage stakeholders and partners through exercises and evaluation activities, to measure improvements to the WOCC's readiness and continuity capabilities. Concurrently, the WOCC will complete the review and modernization of 88 standard operating procedures, processes, and protocols to facilitate consistency in the delivery of services. On a quarterly basis, conduct one tabletop, limited or full-scale field exercise in accordance with the Homeland Security Exercise & Evaluation Program to target, track, and report improvements to the WOCC readiness and continuity capabilities. Due On quarterly basis, complete the review and modernization of 25% of the 88 Washington Operations Center Complex internal process improvements, Requirements, and standardized operating protocols and processes to facilitate consistency in the delivery of services in accordance with WOCC IPIRS Program Performance Plan and the National Security Professional Development - Operations Centers framework. Due Core Measure: Incident Preparedness and Response Through an integrated system of policy, procedures, personnel, facilities, communications and exercises, the Preparedness and Response Division (AEO-200) ensures FAA officials have timely, decision-quality information to plan and then direct essential operations in times of crisis -- both natural and manmade. It also issues policy and guidance for Continuity planning and COOP implementation. Core Initiative: Incident Preparedness and Response Through an integrated system of policy, procedures, personnel, facilities, communications and exercises, the Preparedness and Response Division (AEO-200) ensures FAA officials have timely, decision-quality information to plan and then direct essential operations in times of crisis -- both natural and manmade. It also issues policy and guidance for Continuity planning and COOP implementation. Core Activity: Preparedness and Response for Serious or Catastrophic Incidents ASH will ensure national incident preparedness and response policy guidance and structure exist to support national and regional operations during any serious or catastrophic incidents (natural or technological disasters, terrorism incidents, widespread communications outages, etc.) and National Special Security Events (NSSE). ASH will also provide national-level management of National Exercise Program exercises and other appropriate exercises that might require FAA-wide coordination. Conduct an annual Headquarters/Regional incident response exercise in support of the National Exercise Program Capstone series and/or the Eagle Horizon Federal Executive Branch Continuity Series. Due September 30, Core Activity: Continuity of Operations ASH will ensure that viable continuity of operations facilities and procedures, to include communications and logistics, are continually available and regularly exercised through readiness exercises and training, maintaining continual facility operational capability, and Continuity cadre management. Verify and update activation contact information of Continuity cadre members quarterly. Due Participate in secure continuity communications tests monthly and as required. Due September 30, 01/21/ Page 9 of 28 FY ASH Business Plan

11 Core Measure: National Security Support and Intelligence Evaluations The Special Activities and Law Enforcement Support Division (AEO-300) coordinates and supports US Government National Security initiatives and operations as they pertain to the Federal Aviation Administration. The Division serves as the FAA focal point for matters involving the Department of Defense, Intelligence Community and National/State and local level Law Enforcement and is the responsible agent for providing operational support to sensitive national defense and sensitive law enforcement operations. AEO-300 is building FAA's Defensive Counterintelligence Program to minimize the exploitation of personnel, programs, and information by foreign intelligence services, identify vulnerabilities that may be exploited, and maintain a defensive capability to mitigate these risks to the FAA. AEO-300 also provides intelligence and security briefings to FAA senior leadership, lines of business, program offices, and overseas representatives, and brokers information from relevant counterintelligence sources to facilitate security-related decision making, and provides defensive travel briefings to FAA Sensitive Compartmented Information (SCI) indoctrinated personnel traveling abroad. AEO-300 also conducts technical assessments to identify and analyze advanced security threats in relation to risk and prescribe technical or administrative countermeasures to mitigate vulnerabilities. AEO-300 is also responsible for the implementation and management of FAA's SCI Program, which includes the nomination, adjudication, and indoctrination of personnel for SCI access, oversight for all construction, certification, and management of SCI facilities within FAA and managing and protecting FAA's SCI programs, including networks, circuits, JWICS access, telecommunications and data. Core Initiative: National Security Support and Intelligence Evaluations The Special Activities and Law Enforcement Support Division (AEO-300) coordinates and supports US Government National Security initiatives and operations as they pertain to the Federal Aviation Administration. The Division serves as the FAA focal point for matters involving the Department of Defense, Intelligence Community and National/State and local level Law Enforcement and is the responsible agent for providing operational support to sensitive national defense and sensitive law enforcement operations. AEO-300 is building FAA's Defensive Counterintelligence Program to minimize the exploitation of personnel, programs, and information by foreign intelligence services, identify vulnerabilities that may be exploited, and maintain a defensive capability to mitigate these risks to the FAA. AEO-300 also provides intelligence and security briefings to FAA senior leadership, lines of business, program offices, and overseas representatives, and brokers information from relevant counterintelligence sources to facilitate security-related decision making, and provides defensive travel briefings to FAA Sensitive Compartmented Information (SCI) indoctrinated personnel traveling abroad. AEO-300 also conducts technical assessments to identify and analyze advanced security threats in relation to risk and prescribe technical or administrative countermeasures to mitigate vulnerabilities. AEO-300 is also responsible for the implementation and management of FAA's SCI Program, which includes the nomination, adjudication, and indoctrination of personnel for SCI access, oversight for all construction, certification, and management of SCI facilities within FAA and managing and protecting FAA's SCI programs, including networks, circuits, JWICS access, telecommunications and data. Core Activity: Support to Special Projects Provide operational support to sensitive national defense and sensitive national, state and local law enforcement operations, as well as support to the El Paso Intelligence Center (EPIC). Respond to 100% of requests for operational support from external customers within four business days. Due Conduct quarterly liaison visits with relevant external customers or intelligence community members. Make at least one visit to the El Paso Intelligence Center to validate the requirement for ADAPT. Due Represent FAA in six customer support meetings or working groups, either internal to FAA or with external customers during the fiscal year. Due Core Activity: Counterintelligence Program Support Conduct defensive counterintelligence activities, which will foster an open exchange of sensitive and classified national security intelligence with seniorlevel FAA decision makers and key FAA personnel. Core Activity: Provide FAA decision makers with intelligence on foreign intelligence threats to the FAA by providing quarterly presentations or updates to FAA Executives. Due September 30, 01/21/ Page 10 of 28 FY ASH Business Plan

12 Respond to requests for counterintelligence training and support from FAA employees within two (2) business days. Due Conduct three liaison meetings with members of the U.S. Counterintelligence Community and other Federal partner agencies on a quarterly basis. Due Core Activity: Cyber Intelligence Support Provide the agency with intelligence on cyber threats to the NAS, mission, and administrative systems. Provide FAA decision makers with intelligence on cyber threats to the NAS, mission, and administrative systems by providing quarterly updates to AIT, AIS, and other FAA Executives. Due Core Activity: Counterintelligence Program Technical Support Conduct technical assessments to identify and analyze advanced security threats in relation to risk and prescribes technical or administrative countermeasures to mitigate vulnerabilities. Provide a written report to all customers or information consumers within 10 business days of completion of the technical assessment activity. Due Core Measure: ASH Efforts to Develop Emergency Operation Information Sharing EON will promote and integrate its core function of the emergency operations network and research additional data toolset to understand, analyze, and act on this data in the event of an emergency. Core Initiative: ASH Efforts to Develop Emergency Operation Information Sharing EON will promote and integrate its core function of the emergency operations network and research additional data toolset to understand, analyze, and act on this data in the event of an emergency. Core Activity: ASH Efforts to Develop Emergency Operation Information Sharing The Emergency Operations Network (EON) team will enhance and promote its core capabilities while researching additional technologies to understand and provide data. Promote the use of EON to internal and external stakeholders to foster quarterly collaborative initiatives and innovations in the areas of: Training, Data Enrichment, Geospatial capabilities, Data Sharing, and the EON Dashboard. Due Due Core Activity: Maintain Communications Support Team Readiness Maintain CST proficiency through training, maintenance, and readiness exercises. Complete a monthly system set up and communications test of a major CST system to ensure system functionality and proficiency of core team members. Due Maintain an annual operational readiness rating of 95% for the Emergency Response Vehicle. Due Core Activity: Maintain Emergency Satellite Systems Conduct regular capabilities exercises of fixed and mobile emergency satellite telephone systems. Conduct an ongoing exercise program that allows every fixed or mobile satellite terminal an opportunity to test and train every 60 days, with a minimum participation rate of 65% (annual average of six bi-monthly exercises). Due Core Activity: Communications Security and INFOSEC Management Conduct regular capabilities exercises of secure facsimile. Conduct quarterly national secure facsimile exercises to ensure continued system viability and to identify maintenance issues. Due September 30, 01/21/ Page 11 of 28 FY ASH Business Plan

13 Core Activity: Procure and install VHF/FM equipment for Salt Lake City District Complete VHF/FM equipment installation for Portland and Boise General National Airspace System (GNAS). Complete VHF/FM network engineering design, equipment ordering, site preparation, installation, testing and roll out of the Portland and Boise General National Airspace System (GNAS). Due Core Measure: Investigations, Law Enforcement Assistance, and Digital Media Analysis Programs The Investigations Program and Operations Division (AEO-500) initiates and conducts investigations on FAA employees, contractors, non-employees and certificated airman suspected of violating various FAA orders and regulations. The types of investigations include Administrative, Regulatory, and other Special Inquiries. It also develops and implements policy, as required, for the FAA's Investigations, Law Enforcement Assistance (LEA) and Digital Media Analysis (DMA) Programs and serves as the investigative authority over agency employee misconduct and recommends applicable airmen/aircraft regulatory action. Core Initiative: Investigations, Law Enforcement Assistance, and Digital Media Analysis Programs The Investigations Program and Operations Division (AEO-500) initiates and conducts investigations on FAA employees, contractors, non-employees and certificated airman suspected of violating various FAA orders and regulations. The types of investigations include Administrative, Regulatory, and other Special Inquiries. It also develops and implements policy, as required, for the FAA's Investigations, Law Enforcement Assistance (LEA) and Digital Media Analysis (DMA) Programs and serves as the investigative authority over agency employee misconduct and recommends applicable airmen/aircraft regulatory action. Core Activity: Allegations of Misconduct ASH will investigate all allegations of misconduct by FAA employees, contractors, non-employees and certificated airman/aircraft suspected of violating various FAA orders and regulations. Complete 95% of investigations based upon the various identified specified times, excluding those prolonged for reasons beyond the investigator's control. Due Core Activity: Investigations Program Implement and manage the Investigations Program in accordance with FAA Orders and Conduct an ASH-wide review of at least one investigative activity contained in the Investigations Tracking System for adherence to FAA orders and ASH policy. Due September 30, Core Activity: Law Enforcement Assistance (LEA) Program ASH conducts regulatory investigations on airman and aircraft involved in illegal drug activity or threatening National Security by using the National Airspace System (NAS) to commit criminal acts. Acts as the focal point for FAA interaction with law enforcement. Conduct an ASH-wide review of at least one LEA Program activity contained in the Investigations Tracking System for adherence to FAA orders and ASH Policy. Due Core Activity: Digital Media Analysis (DMA) Program The DMA program is responsible for conducting digital media analysis responsive employees misconduct of FAA personnel. Implement and manage the DMAP Program in accordance with FAA Orders and Complete all digital forensic analysis requests accepted within 20 working days, except those prolonged for reasons beyond forensic examiner's control. Due Conduct technical review of at least one digital forensic examination report from each DMA Unit for consistency and compliance with FAA Orders. Due Core Measure: Intelligence Evaluations The Intelligence and Threat Analysis Division (ITAD) serves as the FAA's lead on all security threats to the National Airspace System, FAA mission areas, FAA 01/21/ Page 12 of 28 FY ASH Business Plan

14 regulated air carrier/operator flights, FAA certificated airmen, and the flying public both domestically and in international locations. ITAD provides intelligence support to the FAA Administrator, Executive Leadership Team, Lines of Business and Staff Offices, Crisis Response Working Group/Crisis Response Steering Group, ASH security directors/managers/regional offices, and to FAA employees assigned to or travelling within high threat countries. ITAD works in concert with the Special Activities and Law Enforcement Support Division and the Department of Transportation in conducting liaison to the Intelligence Community (IC) and national-level Law Enforcement (LE) Community, and provides these agencies with aviation intelligence expertise and analysis. Within ITAD is the Current Intelligence Threat Evaluation Watch (CITE Watch). The CITE Watch provides intelligence support to the 24/7 Washington Operations Center Complex/Domestic Events Network (WOCC/DEN) through threat identification, warning and assessment, and constant liaison with IC/LE agencies. The CITE Watch evaluates both classified and open source intelligence to provide tailored intelligence support to FAA leadership and the WOCC /DEN during aviation security/safety incidents and National Special Security Events, and direct support to FAA's air traffic security programs and ASH security investigations. It serves as the FAA's focal point for interactions with TSA's Secure Flight program and the FBI's Terrorist Screening Center, and maintains contact with the Counterterrorism Community through multi-daily secure video teleconferences. Core Initiative: Intelligence Evaluations The Intelligence and Threat Analysis Division (ITAD) serves as the FAA's lead on all security threats to the National Airspace System, FAA mission areas, FAA regulated air carrier/operator flights, FAA certificated airmen, and the flying public both domestically and in international locations. ITAD provides intelligence support to the FAA Administrator, Executive Leadership Team, Lines of Business and Staff Offices, Crisis Response Working Group/Crisis Response Steering Group, ASH security directors/managers/regional offices, and to FAA employees assigned to or travelling within high threat countries. ITAD works in concert with the Special Activities and Law Enforcement Support Division and the Department of Transportation in conducting liaison to the Intelligence Community (IC) and national-level Law Enforcement (LE) Community, and provides these agencies with aviation intelligence expertise and analysis. Within ITAD is the Current Intelligence Threat Evaluation Watch (CITE Watch). The CITE Watch provides intelligence support to the 24/7 Washington Operations Center Complex/Domestic Events Network (WOCC/DEN) through threat identification, warning and assessment, and constant liaison with IC/LE agencies. The CITE Watch evaluates both classified and open source intelligence to provide tailored intelligence support to FAA leadership and the WOCC /DEN during aviation security/safety incidents and National Special Security Events, and direct support to FAA's air traffic security programs and ASH security investigations. It serves as the FAA's focal point for interactions with TSA's Secure Flight program and the FBI's Terrorist Screening Center, and maintains contact with the Counterterrorism Community through multi-daily secure video teleconferences. Core Activity: Intelligence Analysis, Coordination and Facilitation Evaluate intelligence and aviation security event information, and provide direct and tailored intelligence and security support to FAA senior leadership, lines of business, program offices, ASH joint office directors, and overseas representatives. Support 95% of Crisis Response Working Group (CRWG) meetings and Crisis Response Steering Group (CRSG) meetings with relevant threat intelligence information. Interact weekly with US Transportation Command (USTRANSCOM) and Air Mobility Command intelligence elements regarding U.S.-flagged air carrier contract operations in conflict zones. Due September 30, Provide FAA Executives one threat briefing weekly for 50 weeks of the fiscal year, and provide additional briefings as requested by FAA Executives, or as required by developing events. Due Represent FAA in ten interagency intelligence meetings or working groups during the fiscal year. Due Participate in minimum of 400 National Counterterrorism Center Secure Video Conferences. Due Activity Target 5: Through JWICS and HSDN, provide 50 weeks of intelligence products/support to OST/S60 in the preparation of the intelligence brief and updates to the Secretary, Deputy Secretary and senior leadership in the Office of the Secretary. Due 01/21/ Page 13 of 28 FY ASH Business Plan

15 Core Measure: Joint Security and Hazardous Materials Safety Office - West (AHW): Inspections and Investigations Execute and conduct inspections and investigations to fulfill the requirements of the ASH mission. Core Initiative: Hazardous Materials - AHW AHW hazardous materials agents conduct inspections of shippers of hazardous materials that were identified during routine air carrier inspections; shippers of hazardous materials by air that have been prioritized into risk-based categories using information shared with all DOT modal administrations; air carriers and repair stations that ship hazardous materials by air. Core Activity: Inspections AHW will conduct inspections of the following: shippers of hazardous materials by air that were identified during routine air carrier inspections or those that have been prioritized into risk-based categories using information shared with all DOT modal administrations; air carriers that ship hazardous materials; and repair stations that ship hazardous materials by air. Conduct shipper and repair station inspections as identified in the AHW Hazardous Materials workplan Due Conduct air carrier station inspections as identified in the AHW Hazardous Materials workplan. Due Review all air carrier Hazardous Material training programs and manuals submitted by the Flight Standards office holding the air carrier certificate and notify the Flight Standards office of any required changes or approval within 45 calendar days of receipt. Due Conduct inspections on shippers or air carriers requesting SP or CA determinations as part of the ADG review process, as resources allow. Due Activity Target 5: Conduct outreach activities to shippers of critical hazmat commodities. Due Activity Target 6: Respond to all actionable airline passenger hazmat discrepancy reports through automated outreach. Due Activity Target 7: Complete 90% of all civil penalty hazardous materials investigations within 90 calendar days. Due Core Initiative: Facility and Information Security - AHW AHW conducts assessments and inspections at FAA facilities to determine status of the Facility Security Management Program and compliance with FAA Order and Interagency Security Committee (ISC) standards. Additionally, AHW conducts Communications Security (COMSEC) and Classified Information inspections at FAA facilities to determine their compliance with FAA Orders , , and National Security Agency (NSA)/United States Air Force (USAF) directives. Core Activity: Facility Security Management Program The Joint Security and Hazardous Materials Office, West will conduct facility security assessments and inspections at FAA staffed facilities. Conduct facility security assessments and inspections at FAA facilities as required by the AHW workplan. Due Complete 80% of all incidents entered in the Facility Security Reporting System (FSRS) database for FY and analyze the Incident Trending Report each quarter to determine if security briefings are required to address the specific incident types. Report progress quarterly. Due Validate the implementation of security measures at FAA facilities and accredit 90% of facilities within 15 days of all findings being verified as closed. Due Core Activity: Internal Security - COMSEC and Classified Information Program Inspections AHW Security Agents will also inspect all areas that store classified national security information to determine compliance with FAA Order and other applicable directives. 01/21/ Page 14 of 28 FY ASH Business Plan

16 Conduct COMSEC and Classified Information inspections at FAA facilities as required by the AHW workplan. Due Core Initiative: Internal Security and Investigations - AHW AHW initiates and adjudicates all employee and contractor suitability and security requests; initiates and conducts investigations on FAA employees, contractors, non-employees and certificated airmen; conducts regulatory investigations on all airmen and aircraft; and supports the implementation of the Common Identification Standard. Core Activity: Background Investigations AHW Security Agents support the Personnel Security Core Business target by initiating and adjudicating all employee and contractor suitability and security requests. They are responsible for processing all required reinvestigations for persons occupying national security and high risk positions and for providing national security indoctrination briefings and debriefings to employees approved for security clearances and access to classified information within the Joint Security and Hazardous Materials Office, West. Adjudicate 80% of contractor fingerprints within 10 days of receipt of the fingerprint results. Due Initiate 80% of initial Public Trust and National Security (except for Critical Sensitive) cases within 10 days. Due Adjudicate 80% of employee fingerprints within 10 days of receipt of the fingerprint results. Due Initiate 80% of initial Critical Sensitive National Security cases within 10 days. Due September 30, Core Activity: Allegations of Misconduct AHW initiates and conducts investigations on FAA employees, contractors, non-employees and certificated airmen suspected of violating various FAA orders and regulations. The types of investigations include Administrative, Civil, Regulatory and other Special Inquiries. Complete 95% of all Accountability Board investigations within 30 work days, excluding those prolonged for reasons beyond the investigator's control. Due Complete 95% of all investigations based upon Safety Hotline complaints and Administrator's Hotline complaints within 30 work days, and complete 95% of investigations based upon Department of Transportation, Office of Inspector General (DOT/OIG) Hotline complaints within DOT/OIG's specified suspenses, excluding those prolonged for reasons beyond the investigator's control. Due Conduct an audit of the Investigations Program processes in order to identify efficiencies and develop a target for number of days to complete investigations. Report progress quarterly. Due Complete all computer/digital forensics accepted within 20 working days except those prolonged for reasons beyond the computer forensics examiners control. Due Core Activity: Law Enforcement Assistance Program AHW will conduct regulatory investigations on all airmen and aircraft involved in illegal drug activity or in threatening National Security by using the National Airspace System to commit criminal acts. Initiate regulatory investigations on 95% of all airmen involved in sale or distribution of illegal drugs within 30 days of knowledge of a conviction or notification by law enforcement. Due September 30, Initiate regulatory investigations on 95% of all aircraft involved in illegal activity within 30 days of knowledge of that activity. Due September 30, Provide training, assistance and briefings to federal, state and local agencies, and other external and internal customers as requested. Due 01/21/ Page 15 of 28 FY ASH Business Plan

17 Conduct ramp checks at general aviation airports to validate aircraft certificates and/or airman certificates and registrations. Due September 30, Activity Target 5: Track laser incidents in ITS requiring LEAP support and assist Law Enforcement Agencies and Flight Standards in conducting laser incident investigations. Due Core Activity: ID Media AHW will support AIN in the implementation of the Common Identification Standard instituted by Homeland Security Presidential Directive (HSPD-12) in accordance with standards developed. Continue issuance of PIV Cards to all FAA employees and contractors as required. Due Support DOT PIV card issuance at Regional Offices as required. Due Core Initiative: AHW Support - ASH Training Function AHW supports a model work environment for employees. Core Activity: Conduct EEO Training and Briefings to include the mandatory No FEAR Training AHW will deliver a brief on the EEO process to ASH employees. AHW will provide an EEO briefing to all employees during FY15. Due Core Measure: Joint Security and Hazardous Materials Safety Office - East (AHE): Inspections and Investigations Execute and conduct inspections and investigations to fulfill the requirements of the ASH mission. Core Initiative: Hazardous Materials Safety Program - AHE AHE hazardous materials specialists will conduct inspections of shippers of hazardous materials that were identified during routine air carrier inspections; shippers of hazardous materials by air that have been prioritized into risk-based categories using information shared with all DOT modal administrations; air carriers and repair stations that ship hazardous materials by air. Core Activity: Inspections AHE hazardous materials specialists will conduct inspections of shippers of hazardous materials that were identified during routine comprehensive inspections; shippers of hazardous materials by air that have been prioritized into risk-based categories using information shared with all DOT modal administrations; air carriers that ship hazardous materials; and repair stations that ship hazardous materials by air. Conduct shipper and repair station inspections as identified in the Hazmat Safety Program National Workplan and measure against the completion of all shipper and repair stations by the target date. Evaluate at the end of each quarter and compare against interim milestones published in the ADG Hazardous Materials workplan. Due September 30, Conduct air carrier station inspections as identified in Hazmat Safety Program National Workplan and measure against the completion of all air carrier station inspections by the target date. Evaluate at the end of each quarter and compared against interim milestones published in the Hazmat Safety Program National Workplan. Due September 30, Review all air carrier Hazardous Material training programs and manuals submitted by the Flight Standards office holding the air carrier certificate and notify the Flight Standards office of any required changes or approval within 45 calendar days of receipt. Due Provide direct assistance to ADG and AWM in support of national and international hazardous materials program initiatives. Some examples include: serving on national work groups; providing technical expertise on special permits and approvals; assisting in policy and development; providing associate staff for training; and the participation in pilot programs. Due September 30, 01/21/ Page 16 of 28 FY ASH Business Plan

18 Activity Target 5: Work with air carriers, ADG, and AIN to implement a pilot program to determine the feasibility of aircraft operators electronically transmitting shipping paper data. Due Activity Target 6: Conduct inspections on shippers or air carriers requesting SP or CA determinations as part of the ADG review process. Due Core Activity: Outreach - Critical Commodities AHE will better educate the public, industry, and air carriers to protect against the risks to life, property and the environment that are inherent in the transportation of hazardous materials in United States air commerce. Conduct outreach activities to shippers of critical hazmat commodities as required, educating the public, industry, air carriers and aviation industry associations on the safe transportation of hazardous materials by air. Due September 30, Respond to all actionable airline passenger hazmat discrepancy reports through automated outreach. Due Core Activity: Investigations AHE will prepare Enforcement Investigation Reports in accordance with the FAA Order B, titled "Compliance and Enforcement Program." Complete 90% of all civil penalty cases within 90 calendar days. Due Core Activity: FAA Safety Management Program AHE will support the ASH Hazardous Materials Safety Management Program's integration into FAA's air carrier Safety Management System to ensure that Hazardous Materials Regulatory oversight of Part 121 air carriers is consistent with FAA and ICAO obligations through coordination with the Regions and relevant FAA offices. AHE will conduct a Special Emphasis Inspection (SEI) on flights from Asia during 3rd quarter, to verify lithium battery compliance. Due September 30, Core Initiative: Critical Infrastructure Protection - AHE AHE will conduct assessments and inspections at FAA staffed facilities to determine compliance with FAA Orders , E, , and applicable directives. Core Activity: Facility Security Management Program AHE will conduct facility security assessments and inspections at FAA staffed facilities to determine status of the facility security management program and compliance with FAA Order Conduct assessments at regional facilities as required by FAA Order and scheduled in the Facility Security Reporting System. This activity will be measured against the completion of all assessments by the target date. Quarterly evaluations will be conducted to determine status throughout the year. Due Conduct inspections at regional facilities as required by FAA Order and scheduled in the Facility Security Reporting System. This activity will be measured against the completion of all assessments by the target date. Quarterly evaluations will be conducted to determine status throughout the year. Due Validate the implementation of security measures at FAA facilities and accredit 90% of facilities within 15 days of all findings being verified as closed. Due Conduct outreach activities at 10% or 13 FAA facilities currently scheduled for a facility assessment or inspection in the Facility Security Reporting System. Due Activity Target 5: Complete 80% of all incidents entered in the Facility Security Reporting System (FSRS) database for FY and analyze the Incident Trending Report. Due Core Activity: Internal Security - COMSEC and Classified Program Inspections AHE Infrastructure Protection Specialists will conduct Communications Security (COMSEC) inspections at FAA facilities to determine their compliance with FAA Order , and National Security Agency 01/21/ Page 17 of 28 FY ASH Business Plan

19 (NSA)/United States Air Force (USAF) directives. AHE Infrastructure Protection Agents will also inspect all areas that store classified national security information to determine compliance with FAA Order and other applicable directives. Conduct COMSEC inspections at FAA facilities as required by the business plan. This activity target will be measured against the completion of all classified information inspections by the target date. Evaluations will be conducted at the end of each quarter and compared against interim milestones. Due Conduct classified information inspections at FAA facilities as required by the business plan. This activity target will be measured against the completion of all classified information inspections by the target date. Evaluations will be conducted at the end of each quarter and compared against interim milestones. Due Core Activity: Critical Infrastructure Protection AHE will interface with and assist the engineering lines of business and the logistics organization by providing required protective measures during projects involving new facilities, major renovations and new leased space and renewals of current leased space. Participate in all construction projects involving new facility designs or major renovations by collaborating with the appropriate engineering line of business and facility management throughout all project phases to ensure security measures are incorporated into the facility design. This activity will be measured against the completion of construction projects by the target date. Due Review 80% of leases within 90 days after submission to AHE for new leased space for FAA facilities, excluding those prolonged for reasons beyond the specialist's control. The review process will ensure any applicable security clauses and security requirements are incorporated into new leases. Due September 30, Review 80% of leases within 30 days after submission to AHE for leased space being considered for renewal, excluding those prolonged for reasons beyond the specialist's control. The review process will ensure no major changes or modifications exist at the current space that would impact or affect any applicable security clauses or security requirements already incorporated into the existing lease. Due Core Initiative: Internal Security and Investigations - AHE AHE initiates and adjudicates all employee and contractor suitability and security requests; initiates and conducts investigations on FAA employees, contractors, non-employees and certificated airmen; conducts regulatory investigations on all airmen and aircraft; and supports the implementation of the Common Identification Standard. Core Activity: Allegations of Misconduct AHE initiates and conducts investigations on FAA employees, contractors, non-employees and certificated airmen suspected of violating various FAA orders and regulations. The types of investigations include Administrative, Civil, Regulatory and other Special Inquiries. Complete 95% of Accountability Board, Safety Hotline, and Administrator's Hotline complaints investigations within 30 working days, excluding those prolonged for reasons beyond the investigator's control. Due Complete 95% of investigations based upon Department of Transportation, Office of Inspector General (DOT/OIG) Hotline complaints within DOT/OIG's specified suspense, excluding those prolonged for reasons beyond the investigator's control. Due Work with headquarters to review, develop and implement changes to the investigations program to improve timeliness and efficiency. Due Core Activity: Law Enforcement Assistance Program AHE will conduct regulatory investigations on all airmen and aircraft involved in illegal drug activity or in threatening National Security by using the National Airspace System to commit criminal acts. Initiate regulatory investigations on 95% of all 01/21/ Page 18 of 28 FY ASH Business Plan

20 airmen involved in sale or distribution of illegal drugs within 30 days of knowledge of a conviction or notification by law enforcement. Due September 30, Initiate regulatory investigations on 95% of all aircraft involved in illegal activity within 30 days of knowledge of that activity. Due September 30, Provide LEAP training, assistance and briefings to Federal, state and local law enforcement agencies as requested. Provide assistance to other agencies as appropriate. Due Each LEAP Agent will conduct a minimum of four ramp checks at general aviation airports each quarter, and will conduct ramp checks geographically in each state to validate airman certificates, aircraft certificates and aircraft registration. Due Activity Target 5: Track all laser incidents weekly requiring LEAP support in the Investigations Tracking System (ITS) and assist law enforcement agencies and Flight Standards conducting laser incident investigations. Due Activity Target 6: Utilize the Automatic Detection and Processing Terminal (ADAPT) to assist in a 2% reduction in the occurrence of registration violations. In addition, identify and track aircraft of interest for law enforcement as requested. Due September 30, Core Activity: ID Media AHE will support AIN in the implementation of the Common Identification Standard instituted by Homeland Security Presidential Directive (HSPD-12) in accordance with standards developed. Complete issuance process for FAA employees and contractors identified within the AHE area of responsibility to receive or renew the PIV card for FY. Due Support DOT PIV card issuance at Regional Offices. Due Core Activity: Risk Management AHE Risk Management Specialists support the Personnel Security Program, Contractor and Industrial Security Program by initiating and adjudicating all employee and contractor initial background investigations; initiating and adjudicating periodic reinvestigations; and issuing security clearances for FAA employees within the Joint Office East. 80% of contractor fingerprints will be adjudicated, within 10 days of receipt of the fingerprint results. Due 80% of contractor public trust investigations will be adjudicated, on average, within 60 days of the closing date of the OPM investigations. Due 80% of employee fingerprints will be adjudicated, within 10 days of receipt of the fingerprint results. Due 80% of employee public trust and national security background investigations will be adjudicated within 30 days of the closing date of OPM investigations. Due Core Activity: Digital Media Analysis Program (DMAP) Support the Digital Media Analysis Program in accordance with FAA Orders and Complete all digital forensic analysis requests accepted within 20 working days except those prolonged for reasons beyond forensic examiner's control. Due Core Initiative: AHE Support - ASH Training Function AWM's goal is to ensure that the right people are in the right place at the right time with the skill and knowledge to support the ASH mission, providing technical and professional training programs for ASH and FAA LOBs. Core Activity: AHE Support - ASH Training Function AHE supports the Training and Workforce Resources Staff which is responsible for providing training and development for the ASH workforce, including technical training, professional development, and management development to supplement FAA 01/21/ Page 19 of 28 FY ASH Business Plan

21 corporate training programs from managers. The Joint Security and Hazardous Materials Safety Office, East (AHE) goal is to ensure that the right people are in the right place at the right time with the skill and knowledge to support the ASH mission. The Training and Workforce Resources Staff designs, develops, and delivers technical training, provides access to training opportunities from non-faa sources, manages the ASH training budget, and is responsible for management development programs within ASH. The Training and Workforce Resources Staff also provides training to all FAA organizations in Communications Security (COMSEC) and Secure Telephone Equipment (STE). Technical courses maintained for ASH employees include personnel security, Infrastructure Protection, investigations, and regulation of transportation of hazardous materials by air. Provide technical and non-technical learning and development opportunities to the ASH Workforce based on organizational needs and funding availability. Due Core Measure: Joint Security and Hazardous Materials Safety Office - Central (AHC): Inspections and Investigations Execute and conduct inspections and investigations to fulfill the requirements of the ASH mission. Core Initiative: Hazardous Materials - AHC AHC Hazardous materials agents conduct inspections of shippers of hazardous materials that were identified during routine air carrier inspections; shippers of hazardous materials by air that have been prioritized into risk-based categories using information shared with all DOT modal administrations; air carriers and repair stations that ship hazardous materials by air. Core Activity: Inspections AHC will conduct inspections of: Shippers of Hazardous Materials that were identified during routine air carrier inspections; Shippers of hazardous materials by air that have been prioritized into riskbased categories using information shared with all DOT modal administrations; Air carriers that ship hazardous materials; and repair stations that ship hazardous materials by air. Conduct shipper and repair station inspections as identified in the AHC Hazmat Safety Program National Workplan. Due Conduct air carrier station inspections as identified in the AHC Hazmat Safety Program National Workplan. Due Review all air carrier Hazardous Material training programs and manuals submitted by the Flight Standards office holding the air carrier certificate and notify the Flight Standards office of any required changes or approval within 45 calendar days of receipt. Due Conduct inspections on shippers or air carriers requesting Special Permit or Competent Authority determinations as part of the ADG review process as resources allow. Due Core Activity: Outreach - Critical Commodities AHC will better educate the public, industry, and air carriers in the safe transportation of Hazardous Materials. Conduct outreach activities to shippers of critical hazmat commodities as required by the AHC Work Plan. Due Respond to all actionable airline passenger hazmat discrepancy reports through automated outreach. Due Core Activity: Investigations AHC will prepare Enforcement Investigation Reports in accordance with the FAA Order B, titled "Compliance and Enforcement Program." Complete 90% of all civil penalty hazardous materials investigations within 90 calendar days. Due Core Initiative: Critical Infrastructure Protection and Information Security - AHC AHC will conduct assessments and inspections at FAA staffed facilities to determine compliance with FAA Orders , , , and applicable 01/21/ Page 20 of 28 FY ASH Business Plan

22 directives; and conduct information security outreach at FAA facilities. Core Activity: Critical Infrastructure Program AHC will conduct Infrastructure Protection assessments and inspections at FAA staffed facilities to determine status of the Infrastructure Protection management program and compliance with FAA Order Conduct Infrastructure Protection assessments and inspections at FAA facilities as required by the AHC workplan and measure against the completion of all Infrastructure Protection assessments by the target date. Evaluate at the end of each quarter and compare against the AHC workplan. Due Due Validate the implementation of security measures at FAA facilities and accredit 90% of facilities within 15 working days of all findings being verified as closed. Due Complete 80% of all incidents entered in Infrastructure Protection reporting System (FSRS) database for FY and analyze the incident Trending report from FSRS database each quarter to determine if security briefings are required to address the specific incident types. Due Due Core Activity: COMSEC and Classified Program Inspections AHC Security Agents will conduct Communications Security (COMSEC) inspections at FAA facilities to determine their compliance with FAA Order , and National Security Agency (NSA)/United States Air Force (USAF) directives. AHC Security Agents will also inspect all areas that store classified national security information to determine compliance with FAA Order and other applicable directives. Conduct COMSEC and Classified information inspections at FAA facilities as required by the Business Plan and measure against the completion of all COMSEC inspections by the target date. Due Core Initiative: Internal Security and Investigations - AHC AHC initiates and adjudicates all employee and contractor suitability and security requests; initiates and conducts investigations on FAA employees, contractors, non-employees and certificated airmen; conducts regulatory investigations on all airmen and aircraft; and supports the implementation of the Common Identification Standard. Core Activity: Background Investigations AHC Security Specialists support the Personnel Security Core Business target by initiating and adjudicating all employee and contractor initial background investigations; initiating and adjudicating periodic reinvestigations; and issuing security clearances for FAA employees within the Joint Office, Central. 80% of contractor fingerprints within 10 days of receipt of the fingerprint results. Due September 30, 80% of contractor background investigations or forwarded to the Office of Human Resources (AMH) within 60 days of the closing date of the OPM investigations. Due 80% of employee fingerprints within 10 days of receipt of the fingerprint results. Due September 30, 80% of employee national security background investigations or forwarded to Office of Human Resources (AMH) within 30 working days of the closing date of OPM investigations. Due Core Activity: Allegations of Misconduct AHC initiates and conducts investigations on FAA employees, contractors, non-employees and certificated airmen suspected of violating various FAA orders and regulations. The types of investigations include Administrative, Civil, Regulatory and other Special Inquiries. Complete 95% of all Accountability Board investigations within 30 work days, excluding those prolonged for reasons beyond the investigator's control. Due Complete 95% of all investigations based upon Safety Hotline complaints and Administrator's 01/21/ Page 21 of 28 FY ASH Business Plan

23 Hotline complaints within 30 work days, and complete 95% of investigations based upon Department of Transportation, Office of Inspector General (DOT/OIG) Hotline complaints within DOT/OIG's specified due dates excluding those prolonged for reasons beyond the investigator's control. Due Track laser incidents in ITS requiring LEAP support; and assist law enforcement agencies and Flight Standards in conducting Laser incident investigations. Due Core Activity: Law Enforcement Assistance Program AHC will conduct regulatory investigations on all airmen and aircraft involved in illegal drug activity or threaten National Security by using the National Airspace System to commit criminal acts. Initiate regulatory investigations on 95% of all airmen involved in sale or distribution of illegal drugs within 30 work days of knowledge of a conviction or notification by law enforcement. Due Initiate regulatory investigations on 95% of all aircraft involved in illegal activity within 30 work days of knowledge of that activity. Due September 30, Conduct ramp checks at general aviation airports to validate airman certificates and aircraft certificates and registration. Due September 30, Provide training, assistance and briefings to federal, state and local agencies, and other external and internal customers as requested. Due Core Activity: ID Media AHC will support AIN in the implementation of the Common Identification Standard instituted by Homeland Security Presidential Directive (HSPD-12) in accordance with standards developed. Continue issuance of PIV cards to include renewals for all FAA employees and contractors as required. Due Support DOT PIV card issuance at Regional Offices. Due Core Activity: Conduct EEO Training and Briefings to include the mandatory No FEAR Training Collaborate with the Office of Civil Rights to deliver a brief on the EEO process to AHC employees. AHC will collaborate with the Office of Civil Rights to deliver a brief on the EEO process for employees. Due Core Initiative: AHC Support - ASH Information Resource Management (IRM) Function AHC supports the main objective of the IRM staff which is to provide cost effective, secure enabling technology to support the ASH mission. AIN-500 developed a state of the art web-based platform for hosting all its data driven applications, effectively capturing, disseminating, and analyzing safety and security data. Program managers, hazmat inspectors, security investigators, facility inspectors, and support personnel are using integrated systems for planning, scheduling, capturing and tracking work programs, investigation results, and safety and security information. The ASH platform delivers anytime, anywhere access for all its agents and employees whether they are at their desks, at home or on travel. This access is entirely secure from point to point and delivers data and reports in real-time. This platform enables ASH to become much more efficient in its operations as workloads can be spread around allowing individual employees to become more productive. Core Activity: IRM - Computer/Digital Forensics AHC will administer a computer/digital forensics program. Complete all forensics analysis within 20 days per device except those prolonged for reasons beyond the computer forensics specialist's control. Due Core Measure: Center and Executive Operations Maintain a level of service commensurate with 100% of the targets of key workplan activities. This performance measure is reflected as a percentage derived from the 01/21/ Page 22 of 28 FY ASH Business Plan

24 weighted average of key internal security activities. These activities are defined as (1) outreach efforts (weight=.05); (2) facility security inspections (weight=.3); (3) COMSEC inspections (weight=.05); (4) background investigations (weight=.3) and investigative timelines (weight=.3). Core Initiative: Mike Monroney Aeronautical Center Internal Security Operations The Security and Investigations Division, AMC-700 implements ASH internal security programs through the Internal Security Branch, AMC-750 which includes: personnel security programs, background investigations, internal investigations, identification media, facility security and communication security inspections and assessments. Regulatory Enforcement and external support programs are administered through the Regulatory Investigations Branch, AMC-760. These programs consist of the national DUI/DWI enforcement program, airmen/aircraft regulatory enforcement programs, and assistance rendered to federal, state, local law enforcement agencies, ASH Headquarters and field elements. Core Activity: Background Investigations AMC will conduct background investigations on FAA employees and contractors using the electronic Questionnaire for Investigation Processing (eqip). 80% of contractor fingerprints will be adjudicated, on average, within 10 days of receipt of the fingerprint results. Due Due 80% of employee fingerprints will be adjudicated, on average, within 10 days of receipt of the fingerprint results. Due Due 80% of employee and contractor suitability investigations will be adjudicated within 60 days of the closing date of the OPM investigations. Due Due 80% of employee national security background investigations will be adjudicated within 30 days of the closing date of the OPM investigation. Due Due Core Activity: Administrative Investigations AMC will investigate allegations of misconduct by FAA employees and contractors. Complete 95% of all Accountability Board investigations within 30 work days, excluding those prolonged for reasons beyond the investigator's control. Due Due Complete 95% of all investigations based upon Safety Hotline complaints and Administrator's Hotline complaints within 30 workdays, excluding those prolonged for reasons beyond the investigator's control. Due Due Complete 95% of investigations based upon Department of Transportation, Office of Inspector General (DOT/OIG) Hotline complaints within DOT/OIG's various specified times of 30, 60, or 90 days, excluding those prolonged for reasons beyond the investigator's control. Due September 30, Due Core Activity: Regulatory Investigations AMC will conduct regulatory investigations on FAA certificated airmen with alcohol related motor vehicle actions reportable on their medical and under 14 CFR 61.15(e). Initiate preliminary regulatory investigations of airmen when information is received or made available that they are in alleged noncompliance with alcohol-related motor vehicle action reporting requirements within five business days 95% of the time. Due Due September 30, Conduct a minimum of eight outreach activities to educate the aviation community about the reporting requirements of alcohol related motor vehicle actions. Due Due Support the Civil Aviation Registry, located at the Aeronautical Center by conducting preliminary investigations on requests. If applicable, coordinates and transfers the investigation to the applicable Joint Office of Security and Hazardous Materials or Flight Standards District Office for further investigation. Preliminary investigations 01/21/ Page 23 of 28 FY ASH Business Plan

25 and/or referrals to the Joint Office or Flight Standards will be accomplished within ten business days of receipt 95% of the time. Due Due Core Activity: Law Enforcement Assistance AMC will support local, state, federal, tribal law enforcement and our regional counterparts by conducting and refer investigations on airmen and aircraft involved in illegal drug activity or who threaten National Security by using the National Airspace System to commit criminal acts. Ensure initial response to inquiries from federal, state, local and tribal law enforcement, ASH headquarters and field elements within 24 hours of request 95% of the time. Due Due Review annually all flagged files (airman, aircraft and medical) to validate requests. Due September 30, Due Coordinate and review stolen aircraft data with the El Paso Intelligence Center (EPIC) on a monthly basis to ensure accuracy. Due September 30, Due Core Activity: Facility Security Management Program AMC will conduct facility security assessments and inspections at AMC facilities to determine the status of the facility security management program and compliance with FAA Order Conduct facility security assessments/inspections at AMC facilities as required by FAA Order and scheduled in the Facility Security Reporting System. This activity will be measured against the completion of all assessments by the target date. Quarterly evaluations will be conducted to determine status throughout the year. Due Due September 30, Validate the implementation of security measures at FAA facilities and accredit 90% of facilities within 15 days of all findings being verified as closed. Due Due September 30, Core Activity: COMSEC and Classified Program Inspections AMC will conduct Communications Security (COMSEC) inspections and inspect areas that store classified national security information to determine compliance with FAA Order E, FAA Order , and other relevant directives. Conduct COMSEC inspections at FAA facilities as required by the Center workplan. This activity target will be measured against the completion of all COMSEC inspections by the target date. Evaluations will be conducted at the end of each quarter and compared against interim milestones contained in the workplan. Due September 30, Due Conduct classified information inspections at FAA facilities as required by the Center workplan. This activity target will be measured against the completion of all classified information inspections by the target date. Evaluations will be conducted at the end of each quarter and compared against interim milestones contained in the workplan. Due Due Core Activity: ID Media AMC will issue PIV cards to eligible FAA employees and contractors. Issue Personal Identity Verification (PIV) compliant identification (ID) media to MMAC employees and contractors per FAA Order Due Due Budget permitting, based on current staffing level of one Security Assistant and one contract employee, issue PIV compliant ID media to air traffic control students attending training at the FAA Academy (AMA). Due Due Meet twice yearly with AMA officials to evaluate the process of issuing PIV compliant ID media to air traffic control students and make operational changes as necessary. Due Due Deliver Benefits Through Technology/Infrastructure 01/21/ Page 24 of 28 FY ASH Business Plan

26 The Office of Security and Hazardous Materials Safety is committed to furthering the strategic goal of delivering benefits through technology. Core Measure: Drive Continuous Efficiency Improvement & Cost Control Achieve documented cost savings and cost avoidance of $30 million in FY. Core Initiative: Productivity and Financial Metrics Each FAA organization will develop, track, and report quarterly on a comprehensive measure of its operating efficiency or financial performance. These measures will include: ATO cost per controlled flight, staff office overhead rates and cost per accounting transaction. Core Activity: ASH Efficiency Measure: Completion of Inspection and Investigation Activities ASH will report to ABA quarterly on the percentage of inspections and investigations completed within the required timeframes as identified by Regional Work plans. These activities include hazmat inspections, facility inspections, communications security inspections and tracked investigations. Report quarterly results and comments to ABA for the completion of inspections and investigations. Due 30 days after the end of each quarter. Due Provide updated FY 2016 template for review and approval in time to be included in the FY 2016 Business Plan. Due Core Measure: Support Sustainability and Environmental Objectives In accordance with Executive Order Federal Leadership in Environmental, Energy, and Economic Performance, AFN will support agency sustainability goals to reduce the carbon footprint of information technology, fleet vehicles, real property, and contracting. Achieve at least 3 out of 4 Initiatives for FY15, due September 30, : 1) Reduce inaccurate data and deliver a baseline of invoiced water and electricity use by FAA-owned properties; 2) Reduce the agency vehicle petroleum consumption by 20% from FY-2005 baseline, not-toexceed 2,230,492 gasoline-equivalent units. 3) ACQ - Award two energy saving performance contracts (ESPC) and two task orders under another ESPC 4) AIT- Conduct Managed Print Output Pilot in one region. Core Initiative: Fleet Management Reduce FY- agency petroleum consumption by government fleet vehicles by 20% from the FY-2005 baseline, a maximum consumption of 2,230,492 gasoline-equivalent units. In accordance with Executive Order 13514, federal agencies must reduce vehicle fleet petroleum consumption at a minimum of 2% annually through FY-2020, relative to a FY-2005 baseline. Core Activity: Fleet Management - ASH In accordance with Executive Order 13514, support the Agency to achieve a 20% decrease in vehicle fleet petroleum consumption over the FY-2005 baseline. The FY-15 ASH target is not to exceed the maximum petroleum consumption of 30,361 gasoline gallon equivalents (GGEs). Due Empower and Innovate with the FAA's People The Office of Security and Hazardous Materials Safety is committed to furthering the strategic goal of empowering and innovating with FAA's people. Core Measure: Hiring Persons with Targeted Disabilities (PWTD) Support the DOT Strategic Objective to build a capable, diverse, and collaborative workforce of highly-skilled, innovative, and motivated employees by increasing the hiring of PWTD for eligible positions to 3 percent by In FY, ACR in collaboration with the FAA LOBs/SOs will ensure that at least 2% of all FAA new hires are PWTD. Core Initiative: Hiring PWTD The FAA line of businesses and staff offices (LOBs/SOs) will work collaboratively to support the DOT goal to increase the representation of PWTD in the workforce by ensuring that at least 2% of all FAA new hires are PWTD. Each year, FAA will increase incrementally the percentage of PWTD hires by.33% per year to reach the 3% DOT hiring goal by Core Activity: Hiring PWTD 01/21/ Page 25 of 28 FY ASH Business Plan

27 In FY 15, the Office of Civil Rights in collaboration with the FAA LOBs/SOs will ensure that at least 2% of all FAA new hires are PWTD. The head of each LOB/SO will issue a memorandum (key language will be provided by ACR) directed to their managers promoting the PWTD hiring goal. Due December 31, 2014 Each LOB/SO will report to ACR their total hiring projections for FY 15, and identify the estimated number of PWTD hires required to meet their 2% hiring goal. Due March 31, Managers with hiring authority from each LOB/SO will participate in one consultation session held by the National People with Disabilities Program Manager to establish hiring initiatives. Due March 31, Core Measure: Alternative Dispute Resolution (ADR) Encourage the FAA workforce to engage in the ADR process as a method to resolve disputes in the EEO Complaint Process at the lowest possible level to avoid the cost, delay, and unpredictability of the traditional adjudicatory processes. Core Initiative: ADR Engagement Encourage workforce to resolve disputes in an amicable way by utilizing the ADR process. Core Activity: ADR Engagement ACR, in coordination with the LOBs/SOs, will ensure that 65% of all managers engage in mediation when requested by employees. Assist Agency effort with ADR engagement by ensuring that 65% of all managers engage in mediation when requested by employees. Due Core Measure: EEO/Diversity and Inclusion Action Committee (EAC) The EAC oversees and supports the FAA efforts to create a diverse and inclusive workplace that ensures equal opportunity for all its employees. Core Initiative: EAC In collaboration with the LOBs/SOs, ACR will identify recommendations and strategies regarding EEO and diversity efforts within the FAA workplace. Core Activity: EAC Identify recommendations and strategies regarding EEO and diversity efforts within the FAA workplace. Conduct an internal MD 715 self-assessment (Part G Checklist) as required by EEOC. Due October 15, 2014 Analyze and present demographic data in comparison to the civilian labor force statistics to the EAC; and identify strategies and actions for improving groups with lower than expected participation rates. Due November 30, 2014 Provide a mid-year status report to the EAC on actions taken to accomplish business plan goals. Due April 30, Support Agency efforts to implement and/or revise performance evaluation methods to the managers EEO performance standard. Due September 30, Activity Target 5: Develop and implement Diversity and Inclusion initiatives through the EAC Workgroups. Due Core Measure: Learning and Development The Technical Learning and Development Division is responsible for providing training and development for the ASH workforce including technical training, professional development, and management development to supplement FAA corporate training programs for managers. Core Initiative: ASH Training Function The AWM staff analyzes, designs, develops, delivers, evaluates, and maintains internal technical training for the ASH and FAA-wide workforce. FAA wide training includes on-line courses: ASH SAVI, FAA and Safeguarding Classified Information within the FAA course, FAA Internal training includes personnel security, facility security, investigations, and 01/21/ Page 26 of 28 FY ASH Business Plan

28 regulation of transportation of hazardous materials by air. AWM-100 also provides access to external technical and non-technical training opportunities from non-faa sources; supports the FAA Leadership and Learning Institute and provides a POC for other professional development programs such as the Program for Emerging Leaders (PEL), annual Call for Training, and training request process. Core Activity: Training Development AWM is responsible for managing leadership and employee development programs; and analyzing, designing, developing, delivering, evaluating and maintaining internal technical training for the ASH and FAA-wide workforce. Coordinate ASH participation in the AHR Program for Emerging Leaders in accordance with their process and funding availability. Due September 9, Evaluate the feasibility to host the Air Transportation of Dangerous Goods Basic - International course in FY16 by the end of the 3rd quarter. Due March 31, Collaborate with Flight Standards Service's Certification & Surveillance Division, AFS-900 to schedule Safety Assurance System (SAS) Training for ASH Hazmat Safety Specialists by. Due Identify advanced courses for Hazmat Safety Inspectors by the end of the first quarter. Due December 31, 2014 Activity Target 5: Support AHD's implementation of the FAA Leadership and Learning Institute (FLLI) Workforce of the Future Initiative. Due September 30, Core Measure: Workforce Services The Workforce Services Division provides human resource guidance and procedures specific to Security and Hazardous Materials Safety. Our goal is to ensure that the right people are in the right place at the right time with the skill and knowledge to support the ASH mission. The staff oversees implementation of human resources policies within ASH, conducts workforce planning, and consults on reorganizations, recruitment and selection, pay administration, performance management, awards and recognition, conduct and discipline issues, performance issues, work schedules, and leave management. The staff also serves as liaison with ACR for implementation of model EEO programs within ASH. Core Initiative: ASH Human Resource Management Function Ensure that skilled staff are available to support the mission by updating organizational workforce plans for mission critical positions. Core Activity: Workforce Planning Development Develop a plan to ensure that the right people are in the right place at the right time with the skill and knowledge to support the ASH mission. Establish a workforce plan to address succession planning within the ASH Workforce. Due Core Activity: Valuing Performance Initiative Support Complete tasks that support FAA's Valuing Performance implementation. Develop headquarters job documentation by the end of the second quarter. Due March 31, Implement quarterly workforce engagement activities to support FAA's Valuing Performance Initiative. Due Support FAA's new performance based compensation program, Valuing Performance training initiatives. Due Core Activity: ASH Orientation Program AWM will implement a new ASH orientation process. Implement new ASH orientation process. Due Core Activity: Telework Program AWM will support DOT and FAA Telework initiatives. Provide monthly telework reports to ASH management team. Due 01/21/ Page 27 of 28 FY ASH Business Plan

29 Core Measure: Workforce Engagement ASH's Workforce and Engagement Team works to create an organizational culture that embraces the inclusion of original and diverse thoughts, fosters a collaborative team, and engages commitment to successfully accomplish ASH's mission. Core Initiative: FedView Administration and Implementation AWM is responsible for the administration, implementation, and evaluation of the OPM FedView survey. Core Activity: FedView Administration AWM is responsible for the administration, implementation, and evaluation of the OPM FedView survey. Implement FedView communication plan to meet or exceed DOT and FAA established goals. Due Core Measure: Equal Employment Opportunity (EEO) Training Assist Agency efforts to create a FAA culture in which managers and employees understand their role in creating and maintaining an inclusive workplace by providing training on EEO laws, FAA policies, and appropriate workplace behavior. Core Initiative: EEO Training Increase workforce competency of EEO laws, FAA policies and appropriate workplace behavior through EEO Training. Core Activity: EEO Training Requirements for FAA Workforce Increase workforce competency of EEO laws, FAA policies and appropriate workplace behavior. Ensure that 10% of employees complete at least one EEO training course. Due September 30, Core Measure: Small Business and Corporate Citizenship Promote Small Business Development and Corporate Citizenship. Core Initiative: Award Procurement Dollars to Small Businesses Award at least 25% of the total agency direct procurement dollars to small businesses, thereby promoting small business development and good corporate citizenship. Each organization is asked to place special emphasis on procurement opportunities for small disadvantaged businesses (including 8(a) certified firms, service-disabled veteran-owned small businesses, and women owned small businesses). Core Activity: Awarding of Procurement Dollars (ASH) Award at least 25 percent of the total ASH direct procurement dollars to small businesses, thereby promoting small business development and good corporate citizenship. Each organization is asked to place special emphasis on procurement opportunities for small disadvantaged businesses (including 8(a) certified firms, service-disabled veteran-owned small businesses, and women owned small businesses). Participate in at least one local outreach event with special emphasis on procurement opportunities for small disadvantaged businesses (including 8(a) certified firms, service-disabled veteran-owned small businesses, and women owned small businesses). Due September 30, Award at least 25 percent of the total ASH direct procurement dollars to small businesses. Due Ensure 100% of employees complete the NoFEAR Training required by OPM. Due November 23, 2014 Ensure that 60% of management complete at least one EEO training course. Due September 30, 01/21/ Page 28 of 28 FY ASH Business Plan